Vulnerabilities > CVE-2016-5418 - Data Processing Errors vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- XML Nested Payloads Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By nesting XML data and causing this data to be continuously self-referential, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization. An attacker's goal is to leverage parser failure to his or her advantage. In most cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it may be possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.230.1].
- XML Oversized Payloads Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. By supplying oversized payloads in input vectors that will be processed by the XML parser, an attacker can cause the XML parser to consume more resources while processing, causing excessive memory consumption and CPU utilization, and potentially cause execution of arbitrary code. An attacker's goal is to leverage parser failure to his or her advantage. In many cases this type of an attack will result in a denial of service due to an application becoming unstable, freezing, or crash. However it is possible to cause a crash resulting in arbitrary code execution, leading to a jump from the data plane to the control plane [R.231.1].
- XML Client-Side Attack Client applications such as web browsers that process HTML data often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.484.1]
- XML Parser Attack Applications often need to transform data in and out of the XML format by using an XML parser. It may be possible for an attacker to inject data that may have an adverse effect on the XML parser when it is being processed. These adverse effects may include the parser crashing, consuming too much of a resource, executing too slowly, executing code supplied by an attacker, allowing usage of unintended system functionality, etc. An attacker's goal is to leverage parser failure to his or her advantage. In some cases it may be possible to jump from the data plane to the control plane via bad data being passed to an XML parser. [R.99.1]
Nessus
NASL family Scientific Linux Local Security Checks NASL id SL_20160912_LIBARCHIVE_ON_SL7_X.NASL description Security Fix(es) : - A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive last seen 2020-03-18 modified 2016-09-13 plugin id 93454 published 2016-09-13 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93454 title Scientific Linux Security Update : libarchive on SL7.x x86_64 (20160912) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(93454); script_version("2.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25"); script_cve_id("CVE-2015-8916", "CVE-2015-8917", "CVE-2015-8919", "CVE-2015-8920", "CVE-2015-8921", "CVE-2015-8922", "CVE-2015-8923", "CVE-2015-8924", "CVE-2015-8925", "CVE-2015-8926", "CVE-2015-8928", "CVE-2015-8930", "CVE-2015-8931", "CVE-2015-8932", "CVE-2015-8934", "CVE-2016-1541", "CVE-2016-4300", "CVE-2016-4302", "CVE-2016-4809", "CVE-2016-5418", "CVE-2016-5844", "CVE-2016-6250", "CVE-2016-7166"); script_name(english:"Scientific Linux Security Update : libarchive on SL7.x x86_64 (20160912)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Security Fix(es) : - A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. (CVE-2016-5418) - Multiple out-of-bounds write flaws were found in libarchive. Specially crafted ZIP, 7ZIP, or RAR files could cause a heap overflow, potentially allowing code execution in the context of the application using libarchive. (CVE-2016-1541, CVE-2016-4300, CVE-2016-4302) - Multiple out-of-bounds read flaws were found in libarchive. Specially crafted LZA/LZH, AR, MTREE, ZIP, TAR, or RAR files could cause the application to read data out of bounds, potentially disclosing a small amount of application memory, or causing an application crash. (CVE-2015-8919, CVE-2015-8920, CVE-2015-8921, CVE-2015-8923, CVE-2015-8924, CVE-2015-8925, CVE-2015-8926, CVE-2015-8928, CVE-2015-8934) - Multiple NULL pointer dereference flaws were found in libarchive. Specially crafted RAR, CAB, or 7ZIP files could cause an application using libarchive to crash. (CVE-2015-8916, CVE-2015-8917, CVE-2015-8922) - Multiple infinite loop / resource exhaustion flaws were found in libarchive. Specially crafted GZIP or ISO files could cause the application to consume an excessive amount of resources, eventually leading to a crash on memory exhaustion. (CVE-2016-7166, CVE-2015-8930) - A denial of service vulnerability was found in libarchive. A specially crafted CPIO archive containing a symbolic link to a large target path could cause memory allocation to fail, causing an application using libarchive that attempted to view or extract such archive to crash. (CVE-2016-4809) - An integer overflow flaw, leading to a buffer overflow, was found in libarchive's construction of ISO9660 volumes. Attempting to create an ISO9660 volume with 2 GB or 4 GB file names could cause the application to attempt to allocate 20 GB of memory. If this were to succeed, it could lead to an out of bounds write on the heap and potential code execution. (CVE-2016-6250) - Multiple instances of undefined behavior due to arithmetic overflow were found in libarchive. Specially crafted MTREE archives, Compress streams, or ISO9660 volumes could potentially cause the application to fail to read the archive, or to crash. (CVE-2015-8931, CVE-2015-8932, CVE-2016-5844)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1609&L=scientific-linux-errata&F=&S=&P=1167 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a3fd90f0" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bsdcpio"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bsdtar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libarchive"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libarchive-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libarchive-devel"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/07"); script_set_attribute(attribute:"patch_publication_date", value:"2016/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bsdcpio-3.1.2-10.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bsdtar-3.1.2-10.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libarchive-3.1.2-10.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libarchive-debuginfo-3.1.2-10.el7_2")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libarchive-devel-3.1.2-10.el7_2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bsdcpio / bsdtar / libarchive / libarchive-debuginfo / etc"); }NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2016-1850.NASL description From Red Hat Security Advisory 2016:1850 : An update for libarchive is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix(es) : * A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive last seen 2020-06-01 modified 2020-06-02 plugin id 93447 published 2016-09-13 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93447 title Oracle Linux 6 : libarchive (ELSA-2016-1850) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2016:1850 and # Oracle Linux Security Advisory ELSA-2016-1850 respectively. # include("compat.inc"); if (description) { script_id(93447); script_version("2.8"); script_cvs_date("Date: 2019/09/27 13:00:37"); script_cve_id("CVE-2015-8920", "CVE-2015-8921", "CVE-2015-8932", "CVE-2016-4809", "CVE-2016-5418", "CVE-2016-5844", "CVE-2016-7166"); script_xref(name:"RHSA", value:"2016:1850"); script_name(english:"Oracle Linux 6 : libarchive (ELSA-2016-1850)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2016:1850 : An update for libarchive is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix(es) : * A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. (CVE-2016-5418) * Multiple out-of-bounds read flaws were found in libarchive. Specially crafted AR or MTREE files could cause the application to read data out of bounds, potentially disclosing a small amount of application memory, or causing an application crash. (CVE-2015-8920, CVE-2015-8921) * A denial of service vulnerability was found in libarchive's handling of GZIP streams. A crafted GZIP file could cause libarchive to allocate an excessive amount of memory, eventually leading to a crash. (CVE-2016-7166) * A denial of service vulnerability was found in libarchive. A specially crafted CPIO archive containing a symbolic link to a large target path could cause memory allocation to fail, causing an application using libarchive that attempted to view or extract such archive to crash. (CVE-2016-4809) * Multiple instances of undefined behavior due to arithmetic overflow were found in libarchive. Specially crafted Compress streams or ISO9660 volumes could potentially cause the application to fail to read the archive, or to crash. (CVE-2015-8932, CVE-2016-5844) Red Hat would like to thank Insomnia Security for reporting CVE-2016-5418." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2016-September/006332.html" ); script_set_attribute( attribute:"solution", value:"Update the affected libarchive packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libarchive"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libarchive-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/20"); script_set_attribute(attribute:"patch_publication_date", value:"2016/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL6", reference:"libarchive-2.8.3-7.el6_8")) flag++; if (rpm_check(release:"EL6", reference:"libarchive-devel-2.8.3-7.el6_8")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libarchive / libarchive-devel"); }NASL family Scientific Linux Local Security Checks NASL id SL_20160912_LIBARCHIVE_ON_SL6_X.NASL description Security Fix(es) : - A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive last seen 2020-03-18 modified 2016-09-13 plugin id 93453 published 2016-09-13 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93453 title Scientific Linux Security Update : libarchive on SL6.x i386/x86_64 (20160912) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(93453); script_version("2.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25"); script_cve_id("CVE-2015-8920", "CVE-2015-8921", "CVE-2015-8932", "CVE-2016-4809", "CVE-2016-5418", "CVE-2016-5844", "CVE-2016-7166"); script_name(english:"Scientific Linux Security Update : libarchive on SL6.x i386/x86_64 (20160912)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Security Fix(es) : - A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. (CVE-2016-5418) - Multiple out-of-bounds read flaws were found in libarchive. Specially crafted AR or MTREE files could cause the application to read data out of bounds, potentially disclosing a small amount of application memory, or causing an application crash. (CVE-2015-8920, CVE-2015-8921) - A denial of service vulnerability was found in libarchive's handling of GZIP streams. A crafted GZIP file could cause libarchive to allocate an excessive amount of memory, eventually leading to a crash. (CVE-2016-7166) - A denial of service vulnerability was found in libarchive. A specially crafted CPIO archive containing a symbolic link to a large target path could cause memory allocation to fail, causing an application using libarchive that attempted to view or extract such archive to crash. (CVE-2016-4809) - Multiple instances of undefined behavior due to arithmetic overflow were found in libarchive. Specially crafted Compress streams or ISO9660 volumes could potentially cause the application to fail to read the archive, or to crash. (CVE-2015-8932, CVE-2016-5844)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1609&L=scientific-linux-errata&F=&S=&P=750 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?cdda48d4" ); script_set_attribute( attribute:"solution", value: "Update the affected libarchive, libarchive-debuginfo and / or libarchive-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libarchive"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libarchive-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libarchive-devel"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/20"); script_set_attribute(attribute:"patch_publication_date", value:"2016/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL6", reference:"libarchive-2.8.3-7.el6_8")) flag++; if (rpm_check(release:"SL6", reference:"libarchive-debuginfo-2.8.3-7.el6_8")) flag++; if (rpm_check(release:"SL6", reference:"libarchive-devel-2.8.3-7.el6_8")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libarchive / libarchive-debuginfo / libarchive-devel"); }NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0010.NASL description An update of [binutils,ntp,libarchive] packages for PhotonOS has been released. last seen 2019-02-21 modified 2019-02-07 plugin id 111859 published 2018-08-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111859 title Photon OS 1.0: Binutils / Libarchive / Ntp PHSA-2017-0010 (deprecated) code # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2/7/2019 # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2017-0010. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(111859); script_version("1.2"); script_cvs_date("Date: 2019/02/07 18:59:50"); script_cve_id( "CVE-2014-9939", "CVE-2015-8933", "CVE-2016-4300", "CVE-2016-4301", "CVE-2016-4302", "CVE-2016-4809", "CVE-2016-5418", "CVE-2016-5844", "CVE-2016-6250", "CVE-2016-7166", "CVE-2016-8687", "CVE-2016-8688", "CVE-2016-8689", "CVE-2017-5601", "CVE-2017-6451", "CVE-2017-6452", "CVE-2017-6455", "CVE-2017-6458", "CVE-2017-6460", "CVE-2017-6462", "CVE-2017-6463", "CVE-2017-6464", "CVE-2017-6969" ); script_name(english:"Photon OS 1.0: Binutils / Libarchive / Ntp PHSA-2017-0010 (deprecated)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "This plugin has been deprecated."); script_set_attribute(attribute:"description", value: "An update of [binutils,ntp,libarchive] packages for PhotonOS has been released."); # https://github.com/vmware/photon/wiki/Security-Updates-34 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5b02cf41"); script_set_attribute(attribute:"solution", value:"n/a."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-9939"); script_set_attribute(attribute:"patch_publication_date", value:"2017/04/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:binutils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:libarchive"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:ntp"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } exit(0, "This plugin has been deprecated."); include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; pkgs = [ "binutils-2.25.1-4.ph1", "binutils-debuginfo-2.25.1-4.ph1", "binutils-devel-2.25.1-4.ph1", "libarchive-3.3.1-1.ph1", "libarchive-debuginfo-3.3.1-1.ph1", "libarchive-devel-3.3.1-1.ph1", "ntp-4.2.8p10-1.ph1", "ntp-debuginfo-4.2.8p10-1.ph1" ]; foreach (pkg in pkgs) if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "binutils / libarchive / ntp"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2016-1853.NASL description An update for atomic-openshift and heapster is now available for Red Hat OpenShift Enterprise 3.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenShift Enterprise by Red Hat is the company last seen 2020-06-12 modified 2018-12-04 plugin id 119381 published 2018-12-04 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119381 title RHEL 7 : Red Hat OpenShift Enterprise 3.2 (RHSA-2016:1853) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2016:1853. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(119381); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/11"); script_cve_id("CVE-2016-5418"); script_xref(name:"RHSA", value:"2016:1853"); script_name(english:"RHEL 7 : Red Hat OpenShift Enterprise 3.2 (RHSA-2016:1853)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for atomic-openshift and heapster is now available for Red Hat OpenShift Enterprise 3.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenShift Enterprise by Red Hat is the company's cloud computing Platform- as-a-Service (PaaS) solution designed for on-premise or private cloud deployments. Security Fix(es) : * When processing an archive file that contains an archive entry with type 1 (hardlink) but also having a non-zero data size a file overwrite can occur. This would allow an attacker that can pass data to an application that uses libarchive to unpack it to overwrite arbitrary files with arbitrary data. (CVE-2016-5418) Red Hat would like to thank Insomnia Security for reporting this issue. This update also fixes the following bugs : * Previously, pods that had a resource request of 0 and specified limits were classified as BestEffort when they should have been classified as Burstable. This bug fix ensures that those pods are correctly classified as Burstable.(BZ#1357475) * Future versions of docker will require containerized installations of OpenShift Container Platform to mount /var/lib/origin with the `rslave` flag. New installations of OpenShift Container Platform 3.2 have this value set. However, upgrades from 3.1 did not properly set this value. This bug fix ensures that this flag is now set during upgrades, ensuring that OpenShift Container Platform works properly under future versions of docker. (BZ#1358197) * The PersistentVolumeLabel admission plug-in is now enabled by default. This plug-in labels AWS and GCE volumes with their zone so the scheduler can limit the nodes for a pod to only those in the same zone as the persistent volumes being used by the pod. (BZ#1365600) * Previously, heapster incorrectly generated error messages indicating that it 'Failed to find node'. This bug fix corrects that error and ensures that erroneous warnings are generated.(BZ#1366367) * The deployment controllers' resync interval can now be configured. The previously hard-coded 2-minute default is the likely cause of performance regressions when thousands of deploymentconfigs are present in the system. Increase the resync interval by setting deploymentControllerResyncMinute in /etc/origin/master/master-config.yaml.(BZ#1366381) * Previously, AWS-related environment variables were removed from /etc/ sysconfig/atomic-openshift-master files during an upgrade if these values were not included in the advanced installer's inventory file. This bug fix ensures that these variables are now preserved during upgrades. (BZ# 1370641) * Previously, updates to the containerized atomic-openshift-node service were not properly reloaded during upgrades. This bug fix corrects this error and ensures that the service is reloaded during upgrades. (BZ#1371708) * Previously the installer did not properly configure an environment for flannel when openshift_use_flannel was set to `true`. This bug fix corrects those errors and the installer will now correctly deploy environments using flannel. (BZ#1372026)" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2016:1853" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-5418" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-dockerregistry"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-recycle"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:heapster"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-filter-plugins"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-lookup-plugins"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-playbooks"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-roles"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tuned-profiles-atomic-openshift-node"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/21"); script_set_attribute(attribute:"patch_publication_date", value:"2016/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2016:1853"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_exists(rpm:"atomic-openshift-3.2", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-3.2.1.15-1.git.0.d84be7f.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-clients-3.2", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-clients-3.2.1.15-1.git.0.d84be7f.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-clients-redistributable-3.2", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-clients-redistributable-3.2.1.15-1.git.0.d84be7f.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-dockerregistry-3.2", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-dockerregistry-3.2.1.15-1.git.0.d84be7f.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-master-3.2", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-master-3.2.1.15-1.git.0.d84be7f.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-node-3.2", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-node-3.2.1.15-1.git.0.d84be7f.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-pod-3.2", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-pod-3.2.1.15-1.git.0.d84be7f.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-recycle-3.2", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-recycle-3.2.1.15-1.git.0.d84be7f.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-sdn-ovs-3.2", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-sdn-ovs-3.2.1.15-1.git.0.d84be7f.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-tests-3.2", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-tests-3.2.1.15-1.git.0.d84be7f.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-utils-3.2", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"atomic-openshift-utils-3.2.28-1.git.0.5a85fc5.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"heapster-1.1.0-1.beta2.el7.1")) flag++; if (rpm_exists(rpm:"openshift-ansible-3.2", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-3.2.28-1.git.0.5a85fc5.el7")) flag++; if (rpm_exists(rpm:"openshift-ansible-docs-3.2", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-docs-3.2.28-1.git.0.5a85fc5.el7")) flag++; if (rpm_exists(rpm:"openshift-ansible-filter-plugins-3.2", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-filter-plugins-3.2.28-1.git.0.5a85fc5.el7")) flag++; if (rpm_exists(rpm:"openshift-ansible-lookup-plugins-3.2", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-lookup-plugins-3.2.28-1.git.0.5a85fc5.el7")) flag++; if (rpm_exists(rpm:"openshift-ansible-playbooks-3.2", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-playbooks-3.2.28-1.git.0.5a85fc5.el7")) flag++; if (rpm_exists(rpm:"openshift-ansible-roles-3.2", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-roles-3.2.28-1.git.0.5a85fc5.el7")) flag++; if (rpm_exists(rpm:"tuned-profiles-atomic-openshift-node-3.2", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"tuned-profiles-atomic-openshift-node-3.2.1.15-1.git.0.d84be7f.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "atomic-openshift / atomic-openshift-clients / etc"); } }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1470.NASL description According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in libarchive. A specially crafted MTREE file could cause a small out-of-bounds read, potentially disclosing a small amount of application memory.(CVE-2015-8925) - A vulnerability was found in libarchive. An attempt to create an ISO9660 volume with 2GB or 4GB filenames could cause the application to crash.(CVE-2016-6250) - A vulnerability was found in libarchive. A specially crafted RAR file could cause the application to read memory beyond the end of the decompression buffer.(CVE-2015-8934) - A vulnerability was found in libarchive last seen 2020-06-01 modified 2020-06-02 plugin id 124794 published 2019-05-13 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124794 title EulerOS Virtualization 3.0.1.0 : libarchive (EulerOS-SA-2019-1470) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1404.NASL description This update for libarchive fixes several issues. These security issues were fixed : - CVE-2016-8687: Buffer overflow when printing a filename (bsc#1005070). - CVE-2016-8689: Heap overflow when reading corrupted 7Zip files (bsc#1005072). - CVE-2016-8688: Use after free because of incorrect calculation in next_line (bsc#1005076). - CVE-2016-5844: Integer overflow in the ISO parser in libarchive allowed remote attackers to cause a denial of service (application crash) via a crafted ISO file (bsc#986566). - CVE-2016-6250: Integer overflow in the ISO9660 writer in libarchive allowed remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow (bsc#989980). - CVE-2016-5418: The sandboxing code in libarchive mishandled hardlink archive entries of non-zero data size, which might allowed remote attackers to write to arbitrary files via a crafted archive file (bsc#998677). This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2016-12-06 plugin id 95558 published 2016-12-06 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/95558 title openSUSE Security Update : libarchive (openSUSE-2016-1404) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2016-1850.NASL description An update for libarchive is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix(es) : * A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive last seen 2020-06-01 modified 2020-06-02 plugin id 93451 published 2016-09-13 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93451 title RHEL 6 : libarchive (RHSA-2016:1850) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2016-1045.NASL description According to the versions of the libarchive package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive last seen 2020-05-06 modified 2017-05-01 plugin id 99808 published 2017-05-01 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99808 title EulerOS 2.0 SP1 : libarchive (EulerOS-SA-2016-1045) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1405.NASL description This update for libarchive fixes several issues. These security issues were fixed : - CVE-2016-8687: Buffer overflow when printing a filename (bsc#1005070). - CVE-2016-8689: Heap overflow when reading corrupted 7Zip files (bsc#1005072). - CVE-2016-8688: Use after free because of incorrect calculation in next_line (bsc#1005076). - CVE-2016-5844: Integer overflow in the ISO parser in libarchive allowed remote attackers to cause a denial of service (application crash) via a crafted ISO file (bsc#986566). - CVE-2016-6250: Integer overflow in the ISO9660 writer in libarchive allowed remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow (bsc#989980). - CVE-2016-5418: The sandboxing code in libarchive mishandled hardlink archive entries of non-zero data size, which might allowed remote attackers to write to arbitrary files via a crafted archive file (bsc#998677). This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2016-12-06 plugin id 95559 published 2016-12-06 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/95559 title openSUSE Security Update : libarchive (openSUSE-2016-1405) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0010_LIBARCHIVE.NASL description An update of the libarchive package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121677 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121677 title Photon OS 1.0: Libarchive PHSA-2017-0010 NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3225-1.NASL description It was discovered that libarchive incorrectly handled hardlink entries when extracting archives. A remote attacker could possibly use this issue to overwrite arbitrary files. (CVE-2016-5418) Christian Wressnegger, Alwin Maier, and Fabian Yamaguchi discovered that libarchive incorrectly handled filename lengths when writing ISO9660 archives. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6250) Alexander Cherepanov discovered that libarchive incorrectly handled recursive decompressions. A remote attacker could possibly use this issue to cause libarchive to hang, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-7166) It was discovered that libarchive incorrectly handled non-printable multibyte characters in filenames. A remote attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. (CVE-2016-8687) It was discovered that libarchive incorrectly handled line sizes when extracting certain archives. A remote attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. (CVE-2016-8688) It was discovered that libarchive incorrectly handled multiple EmptyStream attributes when extracting certain 7zip archives. A remote attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. (CVE-2016-8689) Jakub Jirasek discovered that libarchive incorrectly handled memory when extracting certain archives. A remote attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. (CVE-2017-5601). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 97660 published 2017-03-10 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97660 title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : libarchive vulnerabilities (USN-3225-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3677.NASL description Several vulnerabilities were discovered in libarchive, a multi-format archive and compression library, which may lead to denial of service (memory consumption and application crash), bypass of sandboxing restrictions and overwrite arbitrary files with arbitrary data from an archive, or the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 93695 published 2016-09-26 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93695 title Debian DSA-3677-1 : libarchive - security update NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2016-1850.NASL description An update for libarchive is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix(es) : * A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive last seen 2020-06-01 modified 2020-06-02 plugin id 93542 published 2016-09-16 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93542 title CentOS 6 : libarchive (CESA-2016:1850) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2016-1844.NASL description An update for libarchive is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix(es) : * A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive last seen 2020-06-01 modified 2020-06-02 plugin id 93450 published 2016-09-13 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93450 title RHEL 7 : libarchive (RHSA-2016:1844) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2016-1844.NASL description From Red Hat Security Advisory 2016:1844 : An update for libarchive is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix(es) : * A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive last seen 2020-06-01 modified 2020-06-02 plugin id 93446 published 2016-09-13 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93446 title Oracle Linux 7 : libarchive (ELSA-2016-1844) NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL35246595.NASL description The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. (CVE-2016-5418) last seen 2020-06-01 modified 2020-06-02 plugin id 95718 published 2016-12-12 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95718 title F5 Networks BIG-IP : libarchive vulnerability (K35246595) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-2911-1.NASL description This update for libarchive fixes several issues. These security issues were fixed : - CVE-2016-8687: Buffer overflow when printing a filename (bsc#1005070). - CVE-2016-8689: Heap overflow when reading corrupted 7Zip files (bsc#1005072). - CVE-2016-8688: Use after free because of incorrect calculation in next_line (bsc#1005076). - CVE-2016-5844: Integer overflow in the ISO parser in libarchive allowed remote attackers to cause a denial of service (application crash) via a crafted ISO file (bsc#986566). - CVE-2016-6250: Integer overflow in the ISO9660 writer in libarchive allowed remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow (bsc#989980). - CVE-2016-5418: The sandboxing code in libarchive mishandled hardlink archive entries of non-zero data size, which might allowed remote attackers to write to arbitrary files via a crafted archive file (bsc#998677). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 95367 published 2016-11-28 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95367 title SUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2016:2911-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2016-1844.NASL description An update for libarchive is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix(es) : * A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive last seen 2020-06-01 modified 2020-06-02 plugin id 93541 published 2016-09-16 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93541 title CentOS 7 : libarchive (CESA-2016:1844) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201701-03.NASL description The remote host is affected by the vulnerability described in GLSA-201701-03 (libarchive: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libarchive. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted archive file possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 96234 published 2017-01-03 reporter This script is Copyright (C) 2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96234 title GLSA-201701-03 : libarchive: Multiple vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2016-1852.NASL description An update for Red Hat OpenShift Enterprise 3.1 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenShift Enterprise by Red Hat is the company last seen 2020-06-12 modified 2018-12-04 plugin id 119380 published 2018-12-04 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119380 title RHEL 7 : Red Hat OpenShift Enterprise 3.1 (RHSA-2016:1852) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-657.NASL description It was found that libarchive mishandled hardlink archive entries of non-zero data size, possibly allowing remote attackers to to write to arbitrary files via especially crafted archives. For Debian 7 last seen 2020-03-17 modified 2016-10-17 plugin id 94077 published 2016-10-17 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/94077 title Debian DLA-657-1 : libarchive security update NASL family CGI abuses NASL id SPLUNK_652.NASL description According to its self-reported version number, the version of Splunk Enterprise hosted on the remote web server is 5.0.x prior to 5.0.17, 6.0.x prior to 6.0.13, 6.1.x prior to 6.1.12, 6.2.x prior to 6.2.13, 6.3.x prior to 6.3.9, 6.4.x prior to 6.4.5, or 6.5.x prior to 6.5.2; or else it is Splunk Light prior to 6.5.2. It is, therefore, affected by multiple vulnerabilities : - A security bypass vulnerability exists in the libarchive component due to a failure to properly check hardlinks that contain payload data. An unauthenticated, remote attacker can exploit this to bypass sandbox restrictions. (CVE-2016-5418) - An out-of-bounds write error exists in the libarchive component in the get_line_size() function in archive_read_support_format_mtree.c that is triggered when parsing lines. An unauthenticated, remote attacker can exploit this to crash the library or disclose memory contents. (CVE-2016-8688) - An information disclosure vulnerability exists in Splunk Light due to various system information being assigned to the global window property last seen 2020-06-01 modified 2020-06-02 plugin id 97100 published 2017-02-10 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97100 title Splunk Enterprise < 5.0.17 / 6.0.13 / 6.1.12 / 6.2.13 / 6.3.9 / 6.4.5 / 6.5.2 or Splunk Light < 6.5.2 Multiple Vulnerabilities NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2016-743.NASL description A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive last seen 2020-06-01 modified 2020-06-02 plugin id 93744 published 2016-09-28 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93744 title Amazon Linux AMI : libarchive (ALAS-2016-743)
Redhat
| advisories |
| ||||||||||||||||
| rpms |
|
References
- http://rhn.redhat.com/errata/RHSA-2016-1850.html
- http://rhn.redhat.com/errata/RHSA-2016-1844.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1362601
- https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
- https://github.com/libarchive/libarchive/issues/746
- https://access.redhat.com/errata/RHSA-2016:1853
- https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9
- http://www.openwall.com/lists/oss-security/2016/08/09/2
- https://access.redhat.com/errata/RHSA-2016:1852
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.securityfocus.com/bid/93165
- https://security.gentoo.org/glsa/201701-03